SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels

Please make a tool to convert regular OpenVPN configuration files to your apc/epc format. Without such a tool it is impossible to use an Astaro as client for an existing OpenVPN server.

511 votes
Ruben Püttmann shared this idea

    57 comments

      • coewar commented

        I hate to say it, but you're better off pushing through doing some of this with a Linux server. You can have Astaro up front and then do NAS forwarding of SSL VPN port into another server in your backend to handle it. How exactly to set up the Linux side of that I'm not sure, but I'm saying it's worth learning how to do. But we have successfully moved IPSec VPN connections from an Astaro 100% to a Linux server behind it running StrongSWAN. It was just a matter of NAS forwarding the IPSec ports. The beauty of that project was that, for the most part, the partners' VPN connections didn't even know about it and kept on humming after reconnecting. We moved about 50 connections.

      • Anonymous commented

        For where I see we still don't have this feature, we switched from a Linux gateway to Sophos UTM because it seemed more trustworthy and secure, but we have external offices that used to connect to our old gateway using OpenVPN; now we can't connect because there's no way we can connect OpenVPN clients to UTM in a site-to-site manner.

        HELPPP!!! Already searched through all the Astaro forum and no viable solution.

      • Green Cloud commented

        I vote for any way that allows me to make the UTM a client to a privateinternetaccess.com OpenVPN server. Seriously Sophos, why are you dropping the ball? People have been asking for this for years upon years according to the almighty Google. I didn't have a single negative comment about the UTM until this, now it's the comment I open with when discussing UTM 9.

      • coewar commented

        If you think that's overdue, what about the fact that it's still using this version of ipsec?

        Linux strongSwan U4.4.1git20100610/K3.8.13.15-10.gc33dd1e-smp64

      • Daryl Morse commented

        People are still asking for this and it's been in the top 10 of most requested features for a long time. Many users for many reasons would like to route traffic through VPNs to other countries. It's not difficult, just take a look at the setup to install OpenVPN in client mode. I hope this feature will be addressed in the next release. It's long overdue.

      • Steve Sant commented

        This is a rather glaring omission, but I appreciate the difficulties in integrating a new connection paradigm into the existing platform. However, it's one of those occasions where the water is clearly flowing in a certain direction and it would seem sensible to invest the necessary resources in doing this fully and correctly rather than offering a quick fix.

      • Simon Shaw commented

        We'd like this feature so we can route certain traffic out of China via VPN servers hosted in Hong Kong. (China Telecom and Unicom have excellent links to HK but routing is an issue.)

      • Tormod commented

        Why can't we, if we want, set up a SSL VPN Client manually?
        It's not that hard to copy certificates, server addresses and such.

      • Angelo Comazzetto (Admin; Product Ninja, Sophos Features & Ideas Laboratory) commented

        To provide a status update: the .apc/.epc format you refer to is not just a .ovpn file which has been converted to a proprietary format. As there is no standard at all for site-to-site SSL VPN at this time, we needed to include more information than just tunnel parameters in the file that you download as "ours" from a UTM.

        Conversely, a simple .OVPN file does not contain all the information a UTM needs in order to construct a site-to-site SSL VPN. There are configuration objects used by the UTM that are used by our CONFD in the underlying system overall, and these cannot be easily deduced and labelled by the system. As such, the idea of using a UTM-generated site-to-site SSL VPN configuration file with your OpenVPN server, or importing a .OVPN file (with all the gamut of parameters possible in such a file) into the UTM for easy cross-device SSL VPN site-to-site is a large technical challenge with too many places where assumptions we would have to make would limit the scope and usefulness anyway.

        We will look at some sort of solution, but it isn't a simple thing we can easily do in the short term. Keep voting! We see you guys.

      • Anonymous commented

        Try to set up a connection the other way round: Astaro as server and a Linux server as a client.

        Cannot understand why somebody should invent this strange format.

        But at least a way for conversion is needed. NEEDED!

      • PeterPH commented

        This is the only thing which is extremely missing from UTM. Definitely voting for this!
